A user employing a computing device and a network connection to interact with a restricted networked service typically must provide credentials or the like in order to gain access to the service. As may be appreciated, such credentials may take the form of an entered user name or other user identifier, a password, and perhaps other identifying indicia that would identify the user. Based on the credentials, then, the service should be reasonably assured that the user accessing the service is indeed entitled to access the restricted service. Likewise, the user should be reasonably assured that only such user can access the restricted service based on such credentials.
Typically, the user enters the credentials including the password at the computing device by way of a keyboard or the like associated with the computing device, which presumes that the password in particular is textual in nature and composed of a string of alphanumeric characters. Oftentimes, the restricted service employs a related access service to receive the credentials including the password and to determine whether the user is entitled to access the restricted service based on the received credentials.
Such an access service may for example maintain a credentials database of acceptable user names with corresponding password information and related indicia. Thus, upon receiving a user name and password from a user attempting to gain access to the restricted service, the access service may first determine that the received user name is in the credentials database. If so, the access service may then determine that the received password matches the password information corresponding to the received user name in the credentials database. If so, the access service may then accept the user and create a session for the accepted user at the restricted service and in doing so allow the accepted user to access the restricted service.
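The three steps just described (look up the user name, match the password against the stored password information, create a session) can be sketched as follows. This is an added example, not part of the original text; the `AccessService` class, the choice of salted PBKDF2 as the "password information", and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def derive(password: str, salt: bytes) -> bytes:
    """Password information stored in place of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccessService:
    def __init__(self):
        self.credentials = {}   # user name -> (salt, derived key)
        self.sessions = {}      # session token -> user name
        # Dummy record so an unknown user name costs the same work as a known one.
        self._dummy_salt = secrets.token_bytes(16)
        self._dummy_key = derive(secrets.token_hex(16), self._dummy_salt)

    def enroll(self, user_name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.credentials[user_name] = (salt, derive(password, salt))

    def login(self, user_name: str, password: str):
        """Return a session token for accepted credentials, else None."""
        # Step 1: is the received user name in the credentials database?
        record = self.credentials.get(user_name)
        salt, stored = record if record else (self._dummy_salt, self._dummy_key)
        # Step 2: does the received password match the stored information?
        candidate = derive(password, salt)
        matches = hmac.compare_digest(candidate, stored)  # constant-time compare
        if record is None or not matches:
            return None  # same answer for unknown user and wrong password
        # Step 3: accept the user and create a session.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user_name
        return token
```
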
Again presuming that the password in particular is textual in nature and composed of a string of alphanumeric characters, it may be appreciated that the password may be characterized according to a strength thereof. In particular, password strength is a measurement of the effectiveness of a password as an authentication credential. Typically, the strength of a password is a function of length, complexity, and randomness. Also typically, the strength of a password is in opposition to the ease of use of such a password. That is, although a password serves an essential role in computer security, it must also be reasonable and functional for the user. A password that is strong is likely more difficult for a user to remember and is therefore likely to be saved by the user in a written form, which may be considered a security risk. A password that is easy to remember need not be saved in written form, thus obviating the corresponding security risk, but is more easily guessed, which poses a much greater security risk and which renders the password relatively weak. All other things being equal, then, a strong password is likely better than a weak one.
Guidelines for creating a strong password typically suggest that the password be at least a minimum number of characters (e.g., 12 or 14), composed from a set of characters that includes upper-case and lower-case letters, the numbers 0-9, and punctuation symbols normally available at a keyboard of a computing device or the like (e.g., !, @, #, %, ^, &, *, [, ]), and composed to include a mix of the upper-case letters, the lower-case letters, the numbers, and the punctuation symbols. While not definitive, it has been suggested that such a mix include at least three of the four aforementioned types of characters. As is generally known, a strong password should avoid repetition, dictionary words, letter or number sequences, user names, or biographical information like names or dates.
Examples of strong passwords include: 4pRte!ai@3—which mixes uppercase, lowercase, numbers, and punctuation; Tp4tci2s4U2g!—which is built from a phrase that a user can memorize: “The password for (4) this computer is too (2) strong for you to (4U2) guess!”, and mixes types of characters as well; BBslwys90!—which is loosely based on a phrase that a user can memorize: “Big Brother is always right (right angle=90°)!” and mixes types of characters as well; tDI″60Hs7Q—which has characters selected from two stanzas by different methods from a page randomly selected using a 10-sided die; and I52@36291QBs (—which is a unique serial number from a currency note with added random elements; among others.
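The guidelines above can be expressed as a mechanical check. The following is an added example, not part of the original text; the function names, the run length of three for repetition and sequences, the choice of 12 as the minimum, and the caller-supplied `dictionary` word list are assumptions. Biographical information is not checked because it requires data about the user.

```python
import string

MIN_LENGTH = 12  # assumed: the lower of the two minimums the text mentions
SEQUENCES = (string.ascii_lowercase, string.digits)


def character_classes(password: str) -> int:
    """Count how many of the four character types are present."""
    tests = (str.isupper, str.islower, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)


def has_sequence(password: str, run: int = 3) -> bool:
    """True if `run` consecutive characters ascend through a-z or 0-9."""
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        chunk = lowered[i:i + run]
        if any(chunk in seq for seq in SEQUENCES):
            return True
    return False


def has_repetition(password: str, run: int = 3) -> bool:
    """True if the same character appears `run` times in a row."""
    return any(len(set(password[i:i + run])) == 1
               for i in range(len(password) - run + 1))


def check(password: str, user_name: str, dictionary=()) -> list:
    """Return the guideline violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < 3:
        problems.append("fewer than three character types")
    if has_repetition(password):
        problems.append("repeated characters")
    if has_sequence(password):
        problems.append("letter or number sequence")
    if user_name and user_name.lower() in lowered:
        problems.append("contains user name")
    if any(word.lower() in lowered for word in dictionary):
        problems.append("contains dictionary word")
    return problems
```

Run against the examples listed above with a 12-character minimum, `Tp4tci2s4U2g!` passes every check, while `4pRte!ai@3` satisfies the character-mix rule but is reported as too short at 10 characters.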
Notably, the use of upper-case characters, lower-case characters, numbers, and/or punctuation symbols in a strong password requires that the user entering such strong password expend a heightened amount of effort in locating and typing such characters on a keyboard of a computing device. Such heightened effort does not rise to a particularly onerous level when the keyboard is a full-featured keyboard such as that which may be typically associated with a personal computer or the like. However, and significantly, the same is not true when the keyboard is a more limited-featured keyboard such as that which may be associated with a mobile telephone or even with a portable data assistant or the like.
In the case of such a mobile telephone or the like, the keyboard may be a 12-character keypad with additional control keys or the like, as is known, while in the case of such a portable data assistant or the like, the keyboard may be a reduced QWERTY keypad or the like, as is also known. Such keypads or keyboards do usually provide access to all manner and form of the aforementioned upper-case characters, lower-case characters, numbers, and punctuation symbols that are required for a strong password, as is known. However, such provided access may require an extended series of keystrokes, particularly if the character being accessed is a punctuation symbol. Thus, entry of a password using characters that require such extended series of keystrokes can take an excessive amount of time that contributes to the aforementioned onerous level of heightened effort. Moreover, such an extended series of keystrokes heightens the probability that a particular character is improperly entered, resulting in the need to re-enter the password and further contributing to the aforementioned onerous level of heightened effort.
Accordingly, a need exists for a system and method that reduces the aforementioned onerous level of heightened effort that may be required to enter a password such as a strong password in a computing device such as a computing device with a more limited-feature keyboard.